According to the investigations by ICO, between July 2016 and October 2017, the company had sent 14.8 million marketing text messages without having consent using third party service provider by breaking GDPR laws.

As the data controller of the campaign, The Tax Returned should have taken equitable steps to make sure the data they obtained complies with the Privacy and Electronic Communication Regulation (PECR) which states to collect explicit consent from the people receiving the messages.

The firm claimed to have the consents from general third-party, they have insisted by the privacy policies of a certain website.

However, ICO found in the investigations that the diction of the policies was not clear much and the Tax Returned is not mentioned, nor the third party marketing firm was listed on most of the privacy policies.

After this investigations, ICO has served a notice to Tax Returned, ordering the firm to stop their illegal marketing activities.

Steve Eckersley, ICO’s Director of Investigations, said:

“Spam texts are a real nuisance to people across the country, and this firm’s failure to follow the rules drove over 2,100 people to complain.

“Firms using third-party marketing services need to double-check whether they have valid consent from people to send promotional text messages to them. Generic third-party consent is also not enough, and companies will be fined if they break the law.”